[lld] [lld][ELF] Improve the vulnerability in Orphan Sections initialization (PR #156354)

via llvm-commits llvm-commits at lists.llvm.org
Mon Sep 1 09:32:56 PDT 2025


https://github.com/mykouHW created https://github.com/llvm/llvm-project/pull/156354

Fix the error generated during the linking process when the relocation section is placed before the relocated section and the relocated section is not defined in the linker script.

**Issue Cause:**  
In the judgment logic, `addOrphanSections` assumes that the `RelocatedSection` must be processed before the `RelocationSection`. Under this assumption, the `OutputSection` for the `RelocatedSection` has already been constructed, and the `parent` relationship associated with the `InputSectionBase` has been established.  

If the `RelocationSection` is processed before the `RelocatedSection`, this assumption is violated. As a result, the condition `rel->parent` evaluates to null, causing `add(relIS)` to not execute. This skips the registration and construction process of the `RelocatedSection`, since its `createOutputSection` and `recordSection` methods have not yet been called at this point.  

However, during the construction and registration of the `RelocationSection` in the `addInputSec` function, the `RelocatedSection` is accessed. Since the `RelocatedSection` has not been constructed yet, attempting to access it results in a null pointer error.  

**Solution:**  
Before processing the `RelocationSection`, ensure that the `OutputSection` for the `RelocatedSection` is created and registered. The creation and registration logic is protected by the `add` function, which prevents duplicate creation. However, it may result in duplicate establishment of the `parent` relationship, which does not affect correctness.

From fb38a50bd066ae20c1099652b547eff48967e977 Mon Sep 17 00:00:00 2001
From: koumeiyuan <koumeiyuan at huawei.com>
Date: Fri, 29 Aug 2025 09:07:10 +0000
Subject: [PATCH] [lld][ELF] Improve the vulnerability in Orphan Sections
 initialization

Fix the error generated during the linking process when the relocation section is placed before the relocated section and the relocated section is not defined in the linker script.
---
 lld/ELF/LinkerScript.cpp                      |  8 +++--
 .../ELF/linkerscript/orphan-sections-init.s   | 30 +++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 lld/test/ELF/linkerscript/orphan-sections-init.s

diff --git a/lld/ELF/LinkerScript.cpp b/lld/ELF/LinkerScript.cpp
index 921128dae2bdb..067abbc42a13d 100644
--- a/lld/ELF/LinkerScript.cpp
+++ b/lld/ELF/LinkerScript.cpp
@@ -1037,10 +1037,14 @@ void LinkerScript::addOrphanSections() {
     if (ctx.arg.relocatable && (isec->flags & SHF_LINK_ORDER))
       continue;
 
-    if (auto *sec = dyn_cast<InputSection>(isec))
-      if (InputSectionBase *rel = sec->getRelocatedSection())
+    if (auto *sec = dyn_cast<InputSection>(isec)){
+      if (InputSectionBase *rel = sec->getRelocatedSection()){
+        if (auto *relIS = dyn_cast_or_null<InputSectionBase>(rel))
+          add(relIS);
         if (auto *relIS = dyn_cast_or_null<InputSectionBase>(rel->parent))
           add(relIS);
+      }
+    }
     add(isec);
     if (ctx.arg.relocatable)
       for (InputSectionBase *depSec : isec->dependentSections)
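Review bot: `dyn_cast_or_null<InputSectionBase>(rel)` on the new lines is a redundant cast; `rel` is declared as `InputSectionBase *` on the line above and is non-null inside that `if`, so `add(rel);` is the direct form. Two things to document or address: (1) the unconditional `add(rel)` runs before the loop reaches `rel` as its own `isec`, so the `ctx.arg.relocatable && (isec->flags & SHF_LINK_ORDER)` `continue` at the top of the loop is never applied to the relocated section; a comment stating why that is acceptable would help. (2) Once `add(rel)` has run, the pre-existing `if (auto *relIS = dyn_cast_or_null<InputSectionBase>(rel->parent)) add(relIS);` immediately after it reads as a duplicate; a one-line comment saying which case each `add` covers (relocated section not yet registered vs. relocated section whose parent is itself an input section) would keep the two adjacent calls from looking like copy-paste. Formatting: `)){` needs a space before the brace, and the outer `if` now wraps only the inner `if`, so clang-format would drop its braces; please run clang-format on the hunk.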
diff --git a/lld/test/ELF/linkerscript/orphan-sections-init.s b/lld/test/ELF/linkerscript/orphan-sections-init.s
new file mode 100644
index 0000000000000..1701336f098e2
--- /dev/null
+++ b/lld/test/ELF/linkerscript/orphan-sections-init.s
@@ -0,0 +1,30 @@
+# REQUIRES: x86
+# RUN: rm -rf %t && mkdir -p %t
+# RUN: split-file %s %t && cd %t
+
+# RUN: llvm-mc -filetype=obj -triple=x86_64 foo.s -o foo.o
+
+# RUN: ld.lld -r  foo.o -T script.ld -o foo_mc.o
+
+# RUN: llvm-objcopy --rename-section .text=.com.text foo_mc.o foo_mc.o
+# RUN: llvm-objcopy --rename-section .rela.text=.rela.com.text foo_mc.o foo_mc.o
+
+# RUN: ld.lld -r foo_mc.o  -T script.ld -o foo_mc_after.o
+
+#--- foo.s
+  .text
+  .globl	foo
+  .p2align	4
+  .type	foo, at function
+foo:
+  mov $bar, %rax
+
+
+
+#--- script.ld
+SECTIONS
+{
+  .rela.text    0 : { *(.rela.text) }
+  .text         0 : { *(.text) }
+}
+
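Review bot: the test only proves that the second `ld.lld -r` invocation does not crash; there is no `CHECK` line, so a regression that silently mislinks `.rela.com.text` to the wrong section would still pass. Add a positive check, for example `# RUN: llvm-readelf -S foo_mc_after.o | FileCheck %s` with `CHECK` lines asserting that `.rela.com.text` is present and that its `Info` field refers to `.com.text`, and add a comment at the top explaining the setup (the first link with `script.ld` places `.rela.text` before `.text`, the two renames make both sections orphans of the second link, so the relocation section is visited before its relocated section). Minor: the double spaces in `ld.lld -r  foo.o` and `foo_mc.o  -T`, the three blank lines after `mov $bar, %rax`, and the trailing blank line at end of file. Also, `.type foo, at function` as shown here would not assemble; this looks like the mailing-list archive's rewriting of `@` to ` at `, so please confirm the committed file reads `.type foo,@function`.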
